PROBLEM: ipv6 and dnssec

Patrick McHardy kaber at trash.net
Sat Sep 10 16:04:33 UTC 2005 

Jean-Philippe Pick wrote:
> (first, sorry for the broadcast)
> 
> Hello,
> 
> I'm working for the French NIC and I operate a DNS nameserver (c.nic.fr) which use IPv6 and DNSSEC.
> I have a problem with the ip6_output() function which sometimes crash the named process !
> 
> I think it's occurs when named is creating a "big" IPv6 UDP packet for DNSSEC answers.
> The packet, which is bigger than 1500 bytes, need to be splitted in two fragments.
> And at this moment the ip6_output() function crash )-:
> 
> I cannot reproduce it, but it occurs 3 times this weekend !
> 
> When I query the DNS server with IPv6 and DNSSEC :
> # dig -6 @c.nic.fr ripe.net +dnssec
> 
> I can see with tcpdump the two fragments :
> | 12:42:07.146478 electron6.nic.fr.46352 > c.nic.fr.domain:  12431+ [1au] A? ripe.net. (37)
> | 12:42:07.146660 c.nic.fr > electron6.nic.fr: frag (0|1448) domain > 46352:  12431*- 2/6/16[|domain]
> | 12:42:07.146666 c.nic.fr > electron6.nic.fr: frag (1448|597)
> 
> When the kernel bugs, I get this message :
> 
> Sep  4 19:09:22 troy kernel: ------------[ cut here ]------------
> Sep  4 19:09:22 troy kernel: kernel BUG at net/ipv6/ip6_output.c:718!
> Sep  4 19:09:22 troy kernel: invalid operand: 0000 [#1]
> Sep  4 19:09:22 troy kernel: SMP
> Sep  4 19:09:22 troy kernel: Modules linked in: dcdipm(U) dcdbas(U) autofs4 i2c_dev i2c_core sunrpc md5 ipv6 dm_mod video button battery ac uhci_hcd ehci_hcd hw_random shpchp e1000 floppy sg ext3 jbd megaraid_mbox megaraid_mm sd_mod scsi_mod
> Sep  4 19:09:22 troy kernel: CPU:    1
> Sep  4 19:09:22 troy kernel: EIP:    0060:[<f8aec7fb>]    Tainted: PF     VLI
> Sep  4 19:09:22 troy kernel: EFLAGS: 00010282   (2.6.12-1.1447_FC4smp)
> Sep  4 19:09:22 troy kernel: EIP is at ip6_fragment+0x1d9/0x7bd [ipv6]
> Sep  4 19:09:22 troy kernel: eax: fffffff2   ebx: f7954280   ecx: fffffda0   edx: f34e0600
> Sep  4 19:09:22 troy kernel: esi: fffffda0   edi: f3ce3840   ebp: f3ce3840   esp: f65abbe0
> Sep  4 19:09:22 troy kernel: ds: 007b   es: 007b   ss: 0068
> Sep  4 19:09:22 troy kernel: Process named-ns3.nic.f (pid: 3553, threadinfo=f65ab000 task=f793ca80)
> Sep  4 19:09:22 troy kernel: Stack: badc0ded fffffda0 00000245 f8aeb597 c222dc80 f7e3bc80 00000245 fffffda4

                                      ^^^^^^^^
This looks suspicious, but doesn't appear anywhere in the vanilla kernel
except for arch/sparc64/solaris/timod.c, so I guess it is specific
to the FC kernel. You can either talk to the Fedora people or try to
reproduce it with the current vanilla kernel and post a report to
netdev at vger.kernel.org if the problem persists.

More information about the bind-users mailing list